This update to AccessChk, a command-line utility that shows effective and actual permissions for registry keys, files, services, kernel objects, and more, can now show the permissions and security descriptors assigned to event logs, and incorporates owner-rights accesses in its permissions evaluations.

Autoruns, the most comprehensive utility available for showing what executables, DLLs, and drivers are configured to automatically start and load, now reports Office addins, adds several additional autostart locations, and no longer hides hosting executables like cmd.exe, powershell.exe and others when Windows and Microsoft filters are in effect.

Process Monitor, a real-time system monitoring utility that captures registry, file system, process and thread, CPU, DLL and network activity, adds an option to show all file system values in hexadecimal, adds additional error code and file system control strings, and fixes a bug that prevented boot capture on Windows 10.

This release of VMMap, a powerful tool for analyzing the virtual and physical memory usage of a process, fixes a bug that prevented it from working with the 2 TB reserved memory region introduced to support Control Flow Guard (CFG).

This update to Livekd, a tool that enables live kernel debugging for Windows systems and Hyper-V guest Windows virtual machines, now includes ‘live dump’ support for generating fast-snapshot crash-consistent kernel dump files using support introduced in Windows 8.1 and Windows Server 2012 R2.

This major update to Sysmon, a service that records process activity to the Windows event log for use by incident detection and forensic analysis, includes driver load and image load events with signature information, configurable hashing algorithm reporting, flexible filters for including and excluding events, and support for supplying configuration via a configuration file instead of the command line.

RU (Registry Usage), a command-line tool that shows registry usage by key, now supports loading hive files (with the side-effect of compressing them when done) and reports last write timestamp in CSV output.

■ Handle v4 : Handle is a command-line utility that can show which processes have a handle to a file or other resource open, or show all open handles. Version 4 now works with standard-user rights, allowing standard users to identify the handles open by their processes.

■ ProcDump v7.01 : This release fixes several bugs, including one that affects the UI hang trigger, one that causes misnamed dump files for reflected dumps, and another that would cause .NET applications Procdump monitors for first-chance exceptions to terminate with Procdump.

■ Process Explorer v16.04 : This update fixes a bug in Virus Total file submission that could cause a crash, and now shows Windows Store package names on the Image page of the process properties dialog.

■ RegJump v1.02 : Regjump, a utility that opens Regedit to the registry key specified as a command-line argument, now works on 64-bit Windows.

■ Autoruns v12.03 : This update to Autoruns adds the registered HTML file extension, fixes a bug that could cause disabling of specific entry types to fail with a "path not found" error, and addresses another that could prevent the Jump-to-image function from opening the selected image on 64-bit Windows.

■ Autoruns v12.02 : This fixes a bug that could cause Autoruns to crash on startup, updates the image path parsing for Installed Components to remove false positive file-not-found entries, and correctly reports image entry timestamps in local time instead of UTC.

■ Coreinfo v3.31 : This update fixes a bug that could prevent the Coreinfo driver from loading.

■ Sysmon v1.01 : This fixes the manifest registration so that Sysmon event logs can be interpreted without installing Sysmon, and now includes unique UDP connections within 15-minute intervals.

■ Whois v1.12 : This release fixes the verbose output to not show the final record twice.

Sysmon v1.0 : We’re excited to announce Sysmon, a new Sysinternals utility that monitors and reports key system activity via the Windows event log, including detailed information about process creation, network connections and file creation timestamp changes. With Sysmon installed on your systems, you can collect and analyze these events to identify the presence of attackers, and correlate events across your network to track them as they traverse your network.

Autoruns v12.01 : This update to Autoruns, a utility that comes in Windows application and command-line forms, has numerous bug fixes, adds a profile attribute/column to CSV and XML output, and interprets the CodeBase value for COM object registrations.

Coreinfo v3.3 : Coreinfo is a command-line utility that reports comprehensive information about a system’s processors, including their cache sizes and topology, memory latency, and processor features, now reports virtual memory address width as well as support for many additional instructions, including PT, SHA, MPX, CFLUSHOPT, and AVX variants.

Procexp v16.03 : This release of Process Explorer, a process viewing and control utility, fixes several bugs, including one where moving the mouse over the information graphs could cause it to crash and another that could cause a crash when checking Virus Total results.

AccessChk v5.2 : This release of AccessChk, a security command-line utility that reports the effective access and permissions of files, registry keys, processes, and more, adds support for file and printer shares. In addition, it adds filtering options for viewing accesses related to specified accounts and now includes the System Access Control List (SACL) when it dumps security descriptors.

PsExec v2.11 : This release to PsExec, a command-line remote execution utility, fixes a bug in the implementation of the -s (execute as local system) option on Windows Server 2003.

Sigcheck v2.1 : This update to Sigcheck, a command-line utility that shows file version and digital signature information, now reports a file’s entropy (average bits/byte required to encode its data), can dump information about catalog files including the hashes they store, and can list the certificates installed in the per-user and machine certificate store.

VMMap v3.12 : This release of VMMap, a tool for analyzing process virtual and physical memory usage, fixes a bug affecting queries of files stored on file shares, fixes a bug in copy-to-clipboard of 64-bit addresses, now reports an error when attempting to open stacks on loaded traces, and fixes a bug in the reserved memory working set calculation.

Process Explorer v16.02 : This minor update adds a refresh button to the thread’s stack dialog and ensures that the Virus Total terms of agreement dialog box remains above the main Process Explorer window.

Process Monitor v.3.1 : This release adds registry create file disposition (create vs open) and a new switch, /saveapplyfilter, which has Process Monitor apply the current filter to the output file as it saves it.

PSExec v2.1 : This update to PsExec, a command-line utility that enables you to execute programs on remote systems without preinstalling an agent, encrypts all communication between local and remote systems, including the transmission of command information such as the user name and password under which the remote program executes.

Sigcheck v2.03 : This version corrects a bug that caused the output of the –u switch to include signed files, and fixes several other minor bugs.

PsExec v2.0 : PsExec, a popular utility for executing processes on remote systems, introduces a new option, -r, that specifies the name PsExec assigns to its remote service. This can improve performance when multiple users are interacting concurrently with a system, since each will have a dedicated PsExec service.

RAMMap v1.3 : RAMMap, a graphical utility that provides a comprehensive breakdown of physical memory usage by usage type and process, is updated to work on Windows 8.1.

Sigcheck v2.0 : This major update to Sigcheck, a command-line file version and digital signature verification utility, adds integration with the VirusTotal antivirus scanner aggregation service. Sigcheck can now check the status of a file against over 40 antivirus engines and launch the associated online VirusTotal report, and even upload files for scanning that have not already been scanned by VirusTotal. This release also reports the machine type of executable images, whether 16-, 32-, or 64-bit.

Yes, you understand it correctly. OllyDbg graphic interface supports multiple languages. All you need is the corresponding language file. Currently there are none, but I expect that the volunteers will be able to make more or less complete translations.

Plugins compiled for OllyDbg 2.01 beta are 100% compatible with v2.01. PDK will be updated... soon...

Preliminary version of Disassembler 2.01 is almost ready. That is, the sources are more or less final but documentation and ready-to-use DLLs are still missing. I release Disasm 2.01 under GPL v3. Commercial licenses are also possible.

Autoruns v11.70 : This release of Autoruns, a powerful utility for scanning and disabling autostart code, adds a new option to have it show only per-user locations, something that is useful when analyzing the autostarts of different accounts than the one that

Disk2vhd v1.64 : This update to Disk2Vhd, a tool for converting physical system disks to VHDs for use by virtual machines, now supports disk sizes of up to 2 TB.

Process Explorer v15.40 : Process Explorer, a Task Manager replacement, now shows WMI providers hosted in Wmiprvse processes (thanks to Mohamed Elghetany for contributions); includes an option that configures it to automatically run when you logon; and introduces a

Autoruns v11.62 : Autoruns is a utility for managing autostarting applications, DLLs and services. This update adds more autostart locations, fixes a bug that could cause a crash when Autorunsc is directed to calculate file hashes, and fixes a bug in Autoruns' jump-to-image functionality on 64-bit Windows. (add) This release fixes a bug in version 11.61's jump-to-image functionality.

Strings v2.52 : This release fixes a bug that prevented the previous one from running on Windows XP.

Zoomit v4.5 : Zoomit is a screen zooming and annotation tool for technical presentations. This release introduces better support for zooming in on Windows 8 Windows Store applications.

Autoruns v11.6 : Autoruns is a utility for enumerating and disabling executables and DLLs configured to activate in dozens of autostart registration points. This update fixes some minor bugs and adds Authenticode SHA1 and SHA256 hash reporting to Autorunsc output.

Process Explorer v15.31: Process Explorer is a powerful process management utility. This update fixes a bug with copying text from the process properties dialog and adds an option to disable the heatmap display in the process view.

Procdump v6.0 : Procdump is an advanced utility for capturing process memory dumps based on a variety of triggers including CPU usage, memory usage, performance counter values, and exceptions. Version 6.0 is a major upgrade that adds the ability to specify multiple filters, attach to a process by service name, and display/filter on the message text of a CLR or JScript exception.

RAMMap v1.22 : RAMMap is a graphic utility that shows the breakdown of physical memory usage across different dimensions. This release fixes a bug that could cause a crash when accessing the cached files page when a cached file's name exceeded a certain length.

Strings v2.51 : This update to Strings, a command-line utility that prints a file's embedded Unicode and ASCII strings, fixes a signed file offset printing bug.

Autoruns v11.5 : This update to Autoruns, a utility for managing autostarting applications and components, now reports the image timestamp of executables and the last-modified timestamp of other file types and autostart locations to help with forensic analysis. The jump-to-entry feature is also improved to navigate directly to files rather than their parent directory.

Disk Usage (Du) v1.5 : Du, a command-line utility for reporting the disk space consumed by directories and their files, has expanded CSV output that includes file and directory counts, as well as an option for tab-delimiting, which is a format more convenient for import into Excel than comma-delimited.

ProcDump v5.14 : This release of Procdump, a command-line utility that enables the capture of process dumps based on numerous trigger types including on-demand, doesn’t report process exceptions unless the exception trigger is specified.

Process Monitor v3.04 : Procmon, a power system activity monitor, now includes support for new Windows 8 file information query types and fixes a bug in the tooltip handling.

Registry Usage (RU) v1.0 : Ru (Registry Usage) is a new command-line utility that reports the size, value and subkey counts of registry keys. Like its Sysinternals Du (Disk Usage) counterpart, Ru can help you find the keys that contribute to registry bloat.

Pendmoves v1.2: This update to Pendmoves adds support for 64-bit directories.

Process Explorer v15.3 : This major Process Explorer release includes heat-map display for process CPU, private bytes, working set and GPU columns, sortable security groups in the process properties security page, and tooltip reporting of tasks executing in Windows 8 Taskhostex processes. It also creates dump files that match the bitness of the target process and works around a bug introduced in Windows 8 disk counter reporting.

Sigcheck v1.91 : This update to Sigcheck prints the link time for executable files instead of the file last-modified time, and fixes a bug introduced in 1.9 where the –q switch didn’t suppress the print out of the banner.

Zoomit v4.42 : Zoomit now includes an option to suppress zoom-in and zoom-out animation to better support remote RDP sessions and fixes a bug that caused static zoom to snap to the top and left side of the screen in some cases.

DebugView v4.81 : Version 4.81 of DebugView, a utility that logs user and kernel-modedebug output messages, fixes a bug that could cause it on some executionsto fail to capture debug output and enter a CPU-bound loop.

ProcDump v5.11 : This release of ProcDump fixes a bug introduced in version 5.1 that prevented it from working on 32-bit Windows XP.

ZoomIt v4.41 : This update to ZoomIt, a screen magnification and annotation utility, includessmoother zooming behavior, adds the ability to specify the initial zoom level, and maintains the window focus when initiating live zooming.

Procdump v5.1 : This major update to Procdump, a command-line utility for creating process crash dump files based on triggers or on-demand, adds support for Silverlight applications and the ability to register Procdump as the just-in-time (JIT) debugger for more advanced scenarios.

Coreinfo v3.1 : This update to Coreinfo, a command line utility that reports detailed information about a system’s processor topology, CPU features, and cache topology, fixes a bug affecting the calculation of NUMA node costs and adds support for several more processor features, including RDRAND, LAHF/SAHF, Prefetchw and Intel Speedstep.

Desktops v2.0 : Desktops, a virtual desktop utility for Windows that lets you create up to three additional workspaces, is now compatible with Windows 8, properly supporting Winkey hotkey sequences (like Winkey+R to bring up the Run dialog) on alternate desktops and switching back to the primary desktop’s start screen when you hit Winkey.

Livekd v5.3: LiveKd, a command-line utility that enables you to use the Windows kernel debuggers to examine live systems as well as virtual machines, now support Windows 8.

PsPasswd v1.23 : PsPasswd, a Pstools utility for remoting changing local machine passwords, now includes support for changing domain account passwords.

Testlimit v5.22 : This release of TestLimit, an educational tool for testing the way Windows handles exhaustion of various resource types such as system commit, fixes an output formatting bug that could have it report KB instead of MB.

Whois v1.11 : Whois v1.11, a tool for looking up domain name registration information, includes bug fixes that could cause it to crash if provided with malformed domain name input strings.

PsPing v1.0 : PsPing is a new Sysinternals PsTools command-line utility for measuring network performance. In addition to standard ICMP ping functionality, it can report the latency of connecting to TCP ports, the latency of TCP round-trip communication between systems, and the TCP bandwidth available to a connection between systems. Besides obtaining min, max, and average values in 0.01ms resolution, you can also use PsPing to generate histograms of the results that are easy to import into spreadsheets.

DebugView v4.8 : This release of DebugView, a debug output monitoring utility, addresses a bug that could cause DebugView to blue screen on “checked build” (debug) versions of Windows.

Process Explorer v15.23 : This update to Process Explorer adds the ability to view the process token of protected processes, fixes a bug that causes a crash when viewing thread stacks on Windows XP, and fixes a bug that causes a crash when running on Windows PE.

Sigcheck v1.81 : This update to Sigcheck, a command-line utility for analyzing the digital signatures of executable images, fixes a bug that could cause it to crash when reporting the signing status of images that have invalid signatures.

Autoruns v11.34 : This release of Autoruns fixes a bug that caused it to not show some Internet Explorer extensions.

ProcDump v5.0 : Procdump is an advanced utility for capturing process memory dumps based on a variety of triggers including CPU usage, memory usage, performance counter values, and exceptions. Version 5.0 is a major upgrade that adds the ability to configure exception filters based on managed and native exception types, extends support to Windows 8 modern applications, and integrates with Process Monitor’s debug output logging.

Sigcheck v1.8 : This update to Sigcheck, a command-line file version and digital signature verification utility, shows detailed certificate information such as certificate usage, validity dates, and thumbprints, and also shows a file’s counter-signing chain if it has one.

VMMap v3.11 : VMMap, a utility that shows detailed information about a process’ virtual and physical memory usage, now reports commit usage instead of working set in its timeline view and fixes a bug that enables export of captures of 32-bit processes.

AccessChk v5.1 : This update to AccessChk, a command-line utility that shows the security settings and effective access on many object types, including registry keys and files, now reports Windows 8 claims and capabilities, shows the token of processes running as local system, lists security descriptor flags, and checks for remote interactive logon rights.

Autoruns v11.33 : This fixes a bug that caused the run as administrator elevation to fail if Autoruns was started from a path with spaces.

Coreinfo v3.05 : Coreinfo, a tool that shows CPU features, cache sizes, and topology, now correctly shows hyperthreading support on AMD multicore systems and lists processor features on Windows XP.

Whois v1.1 : Whois is a command-line utility that looks up domain name registration information. This release fixes a bug that could cause an infinite loop and a command-line option, -v, that prints verbose information about domain registration referrals.

- 업데이트 목록(클릭하시면 새창으로 이동합니다) Handle v3.5: This update to Handle, a command-line utility that lists open handles, uses the most recent Process Explorer driver so that it now resolves system process handles and types.